Data breach at the Department of Social Services

This just in, the department of Social Services credit card system has been breached, as of yesterday. This isn’t something to be thankful for that’s for sure.

8,500 people have received warnings that their personal data held by a contractor has been breached. Past and current employees alike are vulnerable. The breach included employee names, user names, work phone numbers, work email, credit card information, Australian government service number, public service classification, organisation unit and system passwords. In early November, the department alerted it’s employees to the system breach prior to 2016.

There was not a communication of how long the data was exposed for, however a DSS spokesman said the contractor, business information services, said the data was open from June 2016 until October 2017. The data related to the period 2004-2015.

So far the DSS is putting blame on the third-party providers actions, stating that the breach is in no way a fault of the DSS. Recently stated, the DSS said the data has now been secured, and that there was no evidence of improper use of the departments credit cards. It was stated that the type of information that was stolen can be a strong factor to identity theft, fraud and masquerading, where the attacker is pretending to be an authorized user.